Method of controlled access to content

ABSTRACT

A method of controlled access to content, comprising joining an access sharing network, obtaining a content item from the access sharing network which requires access control data to enable playback, obtaining the access control data, determining from the access control data that a particular other device is authorized to play back the content item, and enabling playback of the content item in accordance with the access control data upon a positive determination that said other device is a member of said access sharing network. Preferably the access control data is used also during a predetermined period of time after making a determination that said other device has ceased to be a member of the access sharing network. Also a device ( 101 ) configured to carry out the method.

The invention relates to the sharing of content items, for examplepeer-to-peer type sharing, and in particular to the regulation of suchsharing.

File sharing services and technologies, such as BitTorrent, KaZaa, orGnutella, are widely known on the Internet. They are used by millions ofusers to exchange content items such as music, typically in MP3 format.Each user can offer his own music collection to everyone else, whichallows everyone to have a large selection of music available fordownloading. Users have instant messaging (“chat”) functionalityavailable to communicate directly with other users, for example to makerequests or to comment on exchanged content items.

In addition, instant messaging services such as MSN Messenger, AOLInstant Messenger, Yahoo! Messenger and others are quite popular today.In such services also file 15 sharing facilities are available, althoughthey usually are more limited in functionality. An overview of instantmessaging technologies may be found in Melissa Anderson et al.,Technology Overview Report Instant Messaging, University ofWisconsin-Madison, December 2002.

However, the content items offered on these file-sharing services istypically popular music and movies, which is offered without thepermission of the copyright holders. To ensure the copyright holders getthe royalties they are entitled to, some file sharing services havestarted to charge a subscription fee to its users. Part of the revenuefrom the subscription fees can then be used to pay the copyrightholders.

Recently various so-called Digital Rights Management (DRM) systems havebeen developed. In their most basic form, the systems simply try toprevent copying of content. Such systems are sometimes also referred toas copy protection systems. More extensive DRM systems provide elaboraterights management to facilitate various different business models. Forexample, a user can purchase a right to play back a content item tentimes, or a right to distribute a copy of the content item to anotheruser.

Most users at present are accustomed to freely sharing the content itemsthey purchase on compact discs or DVDs, or the objects they downloadfrom other users. This suggests that the new DRM-based business modelsmight not be well received by these users. However, if unlimited copyingand distribution in digital form is permitted without any form ofcopyright protection, the content industry will be seriously harmed. Afair balance between the interests of the rights holders and the desiresof the users needs to be struck.

It is an object of the present invention to provide a method ofcontrolled access to content, which can strike such a balance.

This object is achieved according to the invention as claimed in claim1. Preferably the obtained access control data is only used for alimited period of time. By sharing access control data between nodes ina file sharing network, access to content is restricted to only thosedevices on said network.

One advantage of the invention is that now users are able to share acommon experience associated with some piece of protected content. Theintent is to do this in such a limited and restricted way that it doesnot intrinsically hurt the business models of the content owners, i.e.the content should be consumed in such circumstances that it would notdiscourage a potential buy by that user. An important restrictiontherefore is that users actively do something together, e.g.communicate, while they experience the content. In many cases this willconcern activities in the family sphere, where many countries' copyrightlaws provide exemptions.

In an embodiment the method comprising determining whether said othernode is still a member of the access sharing network. The access controldata should now be used only during periods of time when this is thecase. This enables sharing of content between nodes on the accesssharing network. Once a client leaves the network, it can no longer playback the content. This establishes a community of people on the networkwho are all jointly watching the content.

In another embodiment the method comprises monitoring an activity levelof the device and computing a validity period of the access control datafrom the data obtained by said monitoring. This enables sharing ofcontent between “active” nodes on the access sharing network, whichclosely fits consumers' perception of acceptable sharing. Today twopersons can share content by visiting each other and jointly watchinge.g. a television program or a DVD. The invention enables a similarmechanism over access sharing networks. If the users activelycommunicate with each other, they may jointly watch the content item.

Advantageous embodiments are set out in the dependent claims.

The invention also provides a device configured to carry out the method,a computer program product and an access sharing network.

These and other aspects of the invention will be apparent from andelucidated with reference to the embodiments shown in the drawing, inwhich:

FIG. 1 schematically shows a file sharing network comprising pluralclients;

FIG. 2 shows a file sharing client in more detail;

FIG. 3 schematically shows a server and a fingerprint database in moredetail;

FIG. 4 schematically illustrates a communication session between devices101 and 105; and

FIG. 5 schematically illustrates an embodiment of a user interface of anaccess sharing application.

Throughout the figures, same reference numerals indicate similar orcorresponding features. Some of the features indicated in the drawingsare typically implemented in software, and as such represent softwareentities, such as software modules or objects.

FIG. 1 schematically shows an access sharing network 100 comprisingplural access sharing clients 101, 102, 103, 104 and 105. Although shownhere as a physical network, with direct connections between the clients101-105, the network 100 is best regarded as a conceptual or virtualnetwork. That is, it is not necessary that all clients 101-105 arephysically or network-wise directly connected to each other all thetime. All that is needed is that one client “on the network” can obtainfiles or objects from another client. Also, even when directclient-to-client connections are used, it is not necessary that allclients are connected to all other clients.

The network 100 comprises a server 110, which performs a directoryservice for the clients 101-105. To connect to the access sharingnetwork 100, a client 101 submits a list of the files (or objects) itwants to share to the server 110. The server 110 combines the lists itreceives from all the clients connected to the network 100. Otherclients 102-105 can then connect to the server 110 and browse thecombined list or search for specific objects on the list. They cansubsequently contact the client that has the object they are lookingfor, and obtain (download) it from that client directly. This way, theserver 110 does not directly participate in the sharing of files orobjects between the clients 101-105. This approach is well known.

It is also possible to realize the network without the server 110, asillustrated in FIG. 2. In that case, a client 101 connects to thenetwork 200 by connecting to one or more other clients 102-105 that arealready on the network 100. A client searches the network by sending asearch request to the clients it is connected to. These clients examinetheir list of objects which they share, and return a result if therequested object is in that list. Furthermore, the request is forwardedto other clients connected to these clients. This way, the request isdistributed throughout the entire network 100 until it is received by aclient which can fulfill it, or until all clients have received it andnone are able to fulfill it.

Such an embodiment is known from e.g. the Gnutella file sharing network.A disadvantage of this embodiment is that the network 100 is notscalable. Gnutella like networks currently for example cannot support 1million clients. Furthermore the network becomes slow if there are anumber of “slow” computers, i.e. computers with limited bandwidth to thenetwork 100, processing power and/or memory.

Alternatively the client 101 can, after connecting to the one or moreother clients 102-105, submit its list of files or objects it wants toshare to those other clients 102-105. The list is then passed on to allthe clients on the network 100. This way, all clients know which clientshave which files or objects available, and can contact that clientdirectly.

The known KaZaa file sharing network also operates without a server 110,but to overcome the above-mentioned problem uses two types of clients: asuper node and a “normal” client. Super nodes are clients which havesufficient bandwidth, processing power and memory. A normal clientconnects to the network by connecting to a super node and sends the listof the files to be shared to the super node. A super node hasconnections to a number of clients and furthermore is also connected toa number of other super nodes.

A super node is at the same time also a normal client. That is, for theuser the fact that his computer is a super node is transparent. When auser wants to search for a file, his client sends a request to the supernode(s) to which his client is currently connected. The super nodesreturns the matching files, that are in the lists send by its clients.Furthermore the super node forwards the request, if necessary, to allthe super nodes to which it is connected in a fashion similar to the onedescribed above in the Gnutella embodiment. However, since theconnections between super nodes have a large bandwidth this approach ismuch faster than the Gnutella networks. Furthermore it can be scaled upto millions of clients.

Such sharing networks, typically referred to as peer-to-peer or P2P filesharing networks, have an enormous popularity. Well known examples ofthese networks are: Napster, Musiccity, Gnutella, Kazaa, Imesh andBearshare. Once users have installed the appropriate client software ontheir personal computers, they can share their files and they are ableto download files shared by other users. The clients 101-105 may beconnected to a network such as the Internet, which facilitates theestablishment of the access sharing network 100. A client could e.g. usea direct TCP/IP connection to another client to obtain a file or object.

On the most popular networks, usually over 500,000 people are connectedsimultaneously. At the time of writing, people are mostly sharing musicfiles (often in the MP3 format), but the sharing of movies is gainingpopularity. The term “content item” will be used to denote filescontaining music, songs, movies, TV programs, pictures and other typesof binary data, but also textual data can be shared in this fashion. Itis to be noted that a content item may be made up of several differentfiles.

International patent application WO 2004/010353 discloses a system inwhich the clients 101-105 obtain identifiers for content items theyshare and register usage information for these content items. The usageinformation is then supplied to a third party. The third partysubsequently bills the user of the client which shared the content inaccordance with the registered usage information. The third party couldfor example be a copyright clearinghouse such as the RIAA or the DutchBUMA/Stemra. The third party could be a party to the access sharingnetwork 100, although this is not necessary. The access sharing clients101-105 could simply employ a direct Internet connection, e.g. using theWorld-Wide Web, to the third party, e-mail the usage information to ane-mail address for the third party or use some other channel to transmitthe usage information to the third party.

FIG. 3 illustrates a process of playback of a content item obtained fromthe access sharing network 100, 200 by a device. For the sake ofexplanation device 101 is chosen. In step 301, the device 301 obtainsthe content item from the access sharing network. As explained above,access to the content items can be restricted. This can be done invarious ways. This means that access control data is required to enableplayback, recording or other operations of the content item.

Such access control data typically comprises one ore more indications ofthe permissions that are granted. For instance the access control datamay indicate the content item may be played back once. Or it couldindicate the content may be played back as many times as desired,although it may not be recorded permanently on a storage medium such asa CD-ROM.

Preferably access to the content is restricted using a Digital RightsManagement (DRM) system. With such a system, the content is encryptedand access to the content is only allowed if a so-called license isavailable and evaluated successfully. The license contains the accesscontrol data and typically also a decryption key that is necessary todecrypt the content. In some systems the decryption key is availablefrom another source, or already available in the device 101. In such acase the device 101 then is configured to only use the decryption key ifthe license is available and contains the right permissions for therequested operation.

In accordance with the present invention, the device 101 now obtains instep 302 the access control data from one of the other nodes in theaccess sharing network 100, 200, say device 105. With this accesscontrol data the device 101 enables playback of the content item inaccordance with the access control data in step 303. This way it isachieved that the content item is shared between devices 101 and 105,allowing them to initiate a “community session” in which the users ofsaid devices can share the playing of the content item.

Note that the device from which the content item is obtained is notnecessarily the same device as the device from which the access controldata is obtained. Although this is likely, since a device sharing thecontent is likely to also have the necessary access control data, adevice may also share content for which it has no access control data.

Preferably the obtained access control data is only used for a limitedperiod of time. This ensures that the device 101 cannot use the obtainedcontent item in an unlimited fashion.

In an embodiment the device 101 determines in step 304 whether thedevice 105 is still a member of the access sharing network 100, 200. Thedevice 101 grants access to the content, e.g. by using the accesscontrol data only during periods of time when this is the case.

One way to determine whether the other node is still a member of theaccess sharing network 100, 200 is to detect how much data is beingreceived from the device 105. If no data has been received from thisdevice for a predetermined period of time, it can be concluded that thedevice 105 is no longer a member of the network. This data may becontent that is shared by the device 105, but preferably it is data thatindicates the user of the device 105 is actively participating in thenetwork. For instance the data can be words or sentences typed on aninstant messaging client.

In another embodiment the device 101 monitors an activity level of thedevice 105 or its user and computes a validity period of the accesscontrol data from the data obtained by said monitoring. This activitylevel may be activity such as talking in one or more instant messagingchannels provided on the access sharing network 100, 200. If thisactivity level monitoring data matches a certain criterion, it can beconcluded that the device 105 is still a member of the access sharingnetwork 100, 200. For example if more than 50 words are received in afive-minute time window, the device 105 is still a member. A negativecriterion is also possible. For example, if no messages are typed in athree-minute time window, it can be concluded that the device 105 is nolonger a member of the access sharing network.

Once it has been determined that the device 105 has ceased to be amember of the access sharing network 100, 200, the method ends.

In an alternative embodiment the method proceeds to step 305 in whichthe device 101 still uses the access control data but only for apredetermined period of time after making the negative determination instep 304. This provides some additional flexibility and increasesuser-friendliness, because now the user of device 101 can continuewatching the content item even when the device 105 has beendisconnected.

In addition, this embodiment provides the advantage that a temporarynetwork outage does not interrupt the playback of the content item ondevice 101. Such a temporary outage will result in a negativedetermination of step 304. By choosing the predetermined period of timelarger than an average outage, it is achieved that the negativedetermination will not affect the playback. Once the outage is over, thedevice 105 will rejoin the network 100, 200 and the access control datamay be used once more as per step 303.

Optionally the device 101 may provide to other nodes in the accesssharing network certified information regarding content usage on thedevice 101.

FIG. 4 schematically illustrates a communication session between devices101 and 105. Only those elements that are relevant to the presentinvention are illustrated for the sake of clarity. It will be readilyapparent to the skilled person that components like communicationhardware and/or software, an operating system and so on may be needed.

Both devices 101, 105 are equipped with a sharing application 401. Theapplications 401-A and 401-B have established a connection between thedevices 101, 105 to allow exchange of content items. To control accessto content, both devices 101, 105 are also equipped with a DRM agent402. The device 101 can only play a protected content item if the DRMagent 402-A can obtain valid access control data and preferably is alsoable to successfully evaluate the access request given the requestedoperation, the access control data and context.

First, the device 101 obtains a content item from the access sharingnetwork as usual. When it is found that the content item is protected,the device 101 needs to determine if it has valid access control data.If not, the device 101 then requests this data from the access sharingnetwork. As explained above with reference to FIGS. 1 and 2, the requestcan be made to the central server 110 or directly to one or more othernodes 102-105.

Assume that device 105 has the necessary access control data. Thedevices 101, 105 now set up a connection to transfer this data from thedevice 105 to the device 101. Preferably this connection is securedand/or authenticated. This ensures that the access control data cannotbe intercepted or copied by an attacker.

The access control data may comprise a license and cryptographic datathat will enable DRMAgent 402-A to render the content item on device101. The DRM agent 402-A evaluates the license, and if everything checksout, the agent 402-A decrypts the content item using the cryptographicdata, so that the content can be rendered.

Before transferring the access control data to the device 101, the DRMagent 402-B preferably first checks if the request from device 101 totransfer the access control data is permitted. The access control datamay have an indication that informs whether the access control data maybe shared with other nodes in a sharing network, or under whichconditions.

Preferably the access control data specifies one ore more of thefollowing options. Note that not all the options below are mandatory andmore then one can be specified simultaneously:

-   -   Whether the content item may be made available to other nodes in        the access sharing network in accordance with the present        invention.    -   The maximum number of possible participants that are members of        the network.    -   The maximum number of actual participants in a session.    -   The number of content items that may be shared in a session.    -   The number of other running applications that are allowed next        to a session on a device.    -   The maximum amount of time a content item may be shared in a        session.    -   The number of sessions a user or device is allowed to        participate in simultaneously.    -   The minutes of real-time content data allowed to be shared per        day.    -   The allowed inactivity time of the device or its owner.    -   Whether the participants may finish current content rendering        when the owner leaves the session.    -   Whether the participants may only access the content item using        normal playback, or whether also operations like pausing,        fast-forwarding or rewinding the content is permitted.    -   Whether the participants may start playback of the content item        at any time, or whether they can only join in on an existing        playback operation initiated by the first participant to start        playback. This option means that if a participant joins after        say half an hour, he cannot see the first half hour of the        content item.    -   Whether only one participant has control over the content        rendering (start, stop, pause, fast-forward, rewind, . . . ) or        that all/multiple participants have control.

It is possible that above limitations are included in the license issuedby the content provider and that only that license is used when sharingcontent in a community, but it is also possible that a derivativelicense is created for such sharing in a community. Such derivativelicense could be made by the device that shares the content item. Suchderivative license could also incorporate a set of above limitationswithin the maneuvering space of the original license and the communityDRM rules. One can for example imagine that a content provider offers aset of limitations in the original license between which one can choosewhen sharing content, e.g. limit by time or by participants, whateversuits the person that shares his content considers best.

In addition or alternatively to being included in the access controldata, some of the limitations mentioned above may also be hardcoded inthe source and/or sink devices as part of the DRM system. This may bebeneficial for system complexity, i.e. users always experience the samekind of limitations for all content, and potentially also for systemsecurity since certain limitation always hold enforced by the devicesand not potentially be not enabled in the access control data.

A way to improve the security of the present invention is to lock to thelocation of the shared content to the virtual community. This prevents asituation in which somebody copies the content to a different location.In such a situation, any device on the access sharing network can obtaina copy of the access control data and then access the copied contentitem. This means sharing is enabled without authorization by the owner.To prevent this, all or part of an address or location of the originalcontent item should be specified in the access control data, i.e. thecontent is bound to the virtual community location. For example theaccess control data may specify the Uniform Resource Locator. Allcompliant devices used to access the content will verify that theyobtain it from the correct location.

Optionally the devices also verifies that the content is accessed fromthe right context. The latter is to prevent that content is embedded ina different context (e.g. using embedding a picture from a differentserver as is now possible using webpages).

In one preferred embodiment the operations performed by the source andrender devices are as follows.

(1) Both devices join the access sharing network.

(2) The render device obtains the content. The source device mayimplement restrictions on distribution of the content.

(3) The render device obtains a license, which license may be theoriginal license plus some additional access control data set by thesource device. The source device may implement restrictions ondistribution of the license. The source device may also create someaccess control data as part of this step for the receiver. The licensemay be made available by a different source device from the sourcedevice that made the content available to the render device.(4) The render device performs the usual DRM verification and checkingoperations, such as checking whether the license allows playback orwhether the validity period of the content is not expired.(5) The render device checks if the requirements for participating inthe access network and sharing content are met (typically verify if theusers are ‘active’, or have a ‘session’, and e.g. verifying theconditions/limitations from the list included in the text).(6) If the previous steps are successful, the render device decrypts andrenders the content.(7) Step 5 is repeated until the requirements are no longer met.

FIG. 5 schematically illustrates an embodiment of a user interface of anaccess sharing application using the present invention. On the left, achat session between users A and B is shown in chat window 501. The usercan enter new text in input field 502. On the right, an input field 503is provided where the user can enter a content item he would like to seerendered. If such a content item can be obtained from the access sharingnetwork, and access control data can be obtained, the content item isshown in display area 504. Control buttons 505 are provided to controlplayback of the content item.

In a typical scenario, either user A or B offers the content to theaccess network, and the same user subsequently starts the rendering aspart of a chat session or other interactive activity.

In many cases, an access sharing network is primarily designed to sharecontent. Additionally, channels for communication, such as chat lines orforums may be included. But this is merely a matter of perspective. Onemight also say that a discussion forum or instant messaging network isprovided with the ability to share files. Such a forum or network is tobe regarded as an access sharing network.

For instance, an access sharing network may be provided with adiscussion forum on which users can leave messages to other users. Insuch an embodiment it is possible to leave a message with a content item(or fragment thereof) embedded in one of the messages. Typically thenthe content item is available for a predetermined time after the nodethat made it available has ceased to be a member of the access sharingnetwork, or alternatively has ceased to be a member of the discussionforum. It is also possible to share the access control data in this way.

The invention may find application in (massive) multiplayer online (roleplaying) games. These games often already have the possibility forparticipants to communicate actively and to introduce their own contentinto the game. For instance, participants may upload pictures or soundsto customize the appearance of the game character (“avatar”) they areoperating in the game. In a virtual world, some players may direct theircharacters to go to the virtual cinema and one player contributes themovie, or they can upload their music to the stereo in their virtualhome which can be listened to when other players visit their virtualhome. In this application, the game represents the access sharingnetwork, and the close proximity of the game characters, e.g. in a samevirtual room, represents an indication that the players operating thosecharacters are members of said access sharing network.

International patent application WO 02/073378 discloses a method inwhich a protected content item obtained from a file sharing network canbe stored in a flexible way on a storage medium such as a CD-ROM. Theaccess control data is encrypted using a key and stored together withthe content item. All devices that are member of a particular group haveaccess to a corresponding decryption key and so can decrypt the accesscontrol data, thereby obtaining permission to access the protectedcontent item. This method can be used in conjunction with the presentinvention.

European patent application serial number 04101570.2 discloses anautomated exchange of content items via file sharing networks, in whichthe clients 101-105 are arranged for automatic bartering of desirableobjects. This can be used in conjunction with the present invention.

It should be noted that the above-mentioned embodiments illustraterather than limit the invention, and that those skilled in the art willbe able to design many alternative embodiments without departing fromthe scope of the appended claims. For instance, instead of directlyexchanging the access control data between devices 101 and 105, it isalso possible that the data is exchanged using an intermediary thirdparty.

Making a content item available on an access sharing network may besubject to distribution limits to others dependent if there's an ongoingsession (i.e. both are part of the access network).

Part of the limitations may be enforced by the source device. Having thesource perform a security check before it sends the licenses/accesscontrol data or content to the sink device can be quite effectivesecurity-wise. This applies especially if you use the model that theactivity of the participants is continuously verified and the content isstreamed, i.e. each receiver only has content it renders, but not thecontent that it might render in the future.

In the claims, any reference signs placed between parentheses shall notbe construed as limiting the claim. The word “comprising” does notexclude the presence of elements or steps other than those listed in aclaim. The word “a” or “an” preceding an element does not exclude thepresence of a plurality of such elements.

The invention can be implemented by means of hardware comprising severaldistinct elements, and by means of a suitably programmed computer. Inthe device claim enumerating several means, several of these means canbe embodied by one and the same item of hardware. The mere fact thatcertain measures are recited in mutually different dependent claims doesnot indicate that a combination of these measures cannot be used toadvantage.

The invention claimed is:
 1. A method of controlled access to contentamong a set of devices actively communicating with each other over anaccess sharing network, comprising: joining, via a sharing application,a first device of the set of devices to the access sharing network,wherein the first device participates in a session of the sharingapplication with a second device in one or more interactive channels onthe access sharing network, wherein the one or more interactive channelsconsists of one of an instant messaging channel, a discussion forum, amessage board and a multiplayer game; obtaining, at the first device, acontent item from the access sharing network, wherein access to thecontent item (i) is restricted and (ii) requires a license that contains(ii)(a) access control data and (ii)(b) a decryption key to enable arequested operation that includes playback and recording operations ofthe content item at the first device, wherein (iii) the access controldata (iii)(a) comprises one or more permissions that are granted withrespect to the requested operation of the content item and (iii)(b)specifies an originating URL address of the content item assigned to atleast one device of the set of devices of the access sharing network,and wherein the decryption key is necessary to decrypt the content item;obtaining, at the first device, the license that contains the accesscontrol data and decryption key from the second device; determining, atthe first device, in response to (i) successfully evaluating the licensethat contains the access control data and the decryption key and (ii)verifying that the content item (ii)(a) is obtained from the originatingURL address of the content item within the access sharing network toprevent sharing without authorization by an owner of the original of thecontent item and (ii)(b) is accessed from a right context of therequested operation to prevent a sharing of the content item embedded ina different context, that the first device is authorized to perform therequested operation of the content item; and granting access andenabling the requested operation of the content item at the first devicein accordance with the access control data determined from the licenseby using the access control data and the decryption key only in responseto (i) verification that the content item is (i)(a) obtained from theoriginating URL address of the content item and (i)(b) accessed from theright context, and (ii) a positive determination that the second deviceis still an actively participating member in the session of the sharingapplication of the access sharing network.
 2. The method of claim 1,further comprising: using the access control data at the first deviceduring a predetermined period of time after making a determination thatthe second device has ceased to be an actively participating member ofthe access sharing network.
 3. The method of claim 1, furthercomprising: ceasing the performing of the requested operation of thecontent item at the first device in response to detecting at the firstdevice that no data has been received from the second device for apredetermined period of time.
 4. The method of claim 1, furthercomprising: computing, at the first device, a validity period of theaccess control data from data indicating an activity level of the seconddevice on the access sharing network.
 5. The method of claim 4, whereinthe activity level comprises a predetermined amount of activity in theone or more interactive channels provided on the access sharing network.6. A first device configured for controlled access to content among aset of devices actively communicating with each other over an accesssharing network, comprising: a microprocessor; a sharing applicationexecutable by the microprocessor for use in (i) joining an accesssharing network and (ii) obtaining a content item from the accesssharing network, wherein the first device is configured to participatein a session of the sharing application with a second device in one ormore interactive channels on the access sharing network, wherein the oneor more interactive channels consists of one of an instant messagingchannel, a discussion forum, a message board and a multiplayer game, andwherein access to the content item (i) is restricted and (ii) requires alicense that contains (ii)(a) access control data and (ii)(b) adecryption key to enable a requested operation that includes playbackand recording operations of the content item at the first device,wherein (iii) the access control data (iii)(a) comprises one or morepermissions that are granted with respect to the requested operation ofthe content item and (iii)(b) specifies an originating URL address ofthe content item assigned to at least one device of the set of devicesof the access sharing network, and wherein the decryption key isnecessary to decrypt the content item; a digital rights management (DRM)application executable by the microprocessor for obtaining the licensethat contains the access control data and the decryption key from asecond device over the access sharing network, the DRM applicationfurther for determining in response to (i) successfully evaluating thelicense and (ii) verifying that the content item (ii)(a) is obtainedfrom the originating URL address of the content item within the accesssharing network to prevent sharing without authorization by an owner ofthe original of the content item and (ii)(b) is accessed from a rightcontext of the requested operation to prevent a sharing of the contentitem embedded in a different context, that contains the access controldata and the decryption key that the first device is authorized toperform the requested operation of the content item, and for grantingaccess and enabling the requested operation of the content item at thefirst device in accordance with the access control data determined fromthe license by using the access control data and the decryption key onlyin response to (i) verification that the content item is (i)(a) obtainedfrom the originating URL address of the content item and (i)(b) accessedfrom the right context, and (ii) a positive determination that thesecond device is still an actively participating member in the sessionof the sharing application of the access sharing network.
 7. The firstdevice of claim 6, wherein the sharing application module provides tofurther devices in the access sharing network certified informationregarding content usage on the first device.
 8. A non-transitorycomputer readable medium encoded with a computer program containinginstructions for causing a programmable device to operate as the firstdevice of claim 6.